23.06.2013 22:02

Rooting Android devices from roots

This is my first contact with an Android based device. It may sound odd in 2013, but it is true. Looking around the internet for a description of how Android works, one mostly finds information pollution. I was surprised how many people blindly install all kinds of applications on their computers (many of them malware) and on their Android devices to gain root privileges, crying for help to root their device without a bit of understanding of what is going on. My experience may well be incomplete; this is just what I have found and how far I understand it at the moment.

Level 1 - Android Debug Bridge

Android Debug Bridge (adb for short) is a command-line tool that runs on Windows, Linux or macOS and talks to an Android device "remotely" through USB; it is also how you get a shell on the device and push files to it. For most devices you do not need to install anything besides adb, and to enable USB Debugging in the Developer options on the device, to get access to it. There may be devices without this setting; this howto will not apply that easily to them.

On Linux just install the Android tools package, for example on Fedora

yum install android-tools

You do not need the full Android SDK to communicate with an Android device. Plain adb may not find your device, though, if it does not know the device's USB vendor ID. Connect the device to your PC and use

adb devices

to list the devices your PC sees.

If you get an empty list, use

lsusb

to list the USB devices connected. You will find a line with an ID like 12ab:23cd; the first half is the vendor ID, the second half the product ID. The device is either listed as unknown or identified as your Android device somehow. Add the first half, written as "0x12ab", to your

~/.android/adb_usb.ini

one vendor ID per line. Then restart the adb server with "adb kill-server" (it reads the file only at startup) and list the devices again. Your Android should be there now. If it shows up as "no permissions" instead of with a serial number, your user is not allowed to open the USB device; a udev rule for that vendor ID (or running the adb server as root) fixes that.

Do not forget to enable the Developer options in Settings first (on Android 4.2 and later the menu is hidden until you tap the Build number under About phone seven times), then enable USB debugging under the new Developer options menu item.
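The vendor ID lookup described above, as an added example that is not part of the original post: a small POSIX shell script that pulls the vendor IDs out of lsusb output, adds them to ~/.android/adb_usb.ini only if they are not there yet, and prints a matching udev rule for the "no permissions" case. The lsusb lines are constructed sample data (12ab:23cd is the placeholder from the text), and the 51-android.rules path and the plugdev group are the conventional choices, not something the post specifies.

```shell
#!/bin/sh
# Added example: register USB vendor IDs with adb, idempotently.

# Constructed sample of lsusb output: a root hub, a phone with the
# placeholder vendor ID from the text (in two USB modes), and a hub.
SAMPLE_LSUSB='Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 005: ID 12ab:23cd Some Vendor Android Phone
Bus 001 Device 006: ID 12ab:23ce Some Vendor Android Phone (MTP)
Bus 001 Device 007: ID 0451:2046 Texas Instruments, Inc. TUSB2046 Hub'

# Read lsusb output on stdin and print unique vendor IDs in the form
# adb_usb.ini expects ("0x12ab", one per line). Linux root hubs are
# never an Android device, so they are dropped.
adb_vendor_ids() {
    grep -v 'Linux Foundation' \
      | sed -n 's/.* ID \([0-9a-fA-F]\{4\}\):[0-9a-fA-F]\{4\}.*/0x\1/p' \
      | tr 'A-F' 'a-f' | sort -u
}

# Append a vendor ID to an adb_usb.ini file unless it is already there.
# Returns 0 if the file changed, 1 if the ID was already present.
add_vendor_id() {
    _file=$1; _id=$2
    mkdir -p "$(dirname "$_file")"
    touch "$_file"
    if grep -qixF "$_id" "$_file"; then
        return 1
    fi
    printf '%s\n' "$_id" >> "$_file"
    return 0
}

# udev rule that lets a non-root user open the device; without it
# "adb devices" lists the phone as "no permissions". $1 is the vendor
# ID without the 0x prefix, e.g. 12ab. Group/mode are conventional
# choices (assumption), adjust to your distribution.
udev_rule() {
    printf 'SUBSYSTEM=="usb", ATTR{idVendor}=="%s", MODE="0666", GROUP="plugdev"\n' "$1"
}

# Against the real machine (not run when this file is merely sourced):
# feed lsusb through the extractor, register each ID, print the udev
# rule to append as root, then restart the adb server so it rereads
# adb_usb.ini.
register_vendor_ids() {
    _ini=${1:-"$HOME/.android/adb_usb.ini"}
    lsusb | adb_vendor_ids | while read -r _id; do
        if add_vendor_id "$_ini" "$_id"; then
            echo "added $_id to $_ini"
        fi
        echo "udev rule for $_id (append to /etc/udev/rules.d/51-android.rules as root):"
        udev_rule "${_id#0x}"
    done
    adb kill-server 2>/dev/null || true
    adb devices
}
```

Source the file and call register_vendor_ids with the phone plugged in; the udev rule still has to be written by root and udev reloaded before the "no permissions" entry turns into a serial number.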

Level 2 - It is Linux after all

If you understand how Linux works, you are halfway there. Rooting an Android device means somehow gaining a root shell. The common way to switch to a user with root privileges on Linux is the "su" binary, which switches the user context. Stock Android ships either no su at all (production builds) or, on userdebug and eng builds, only a cut-down su that lets just the root and shell users switch (see the next chapter). If that is not your case, the first step is to give the binary the proper owner (root) and set its "set user ID on execution" bit, the so-called suid bit. This guarantees that whenever "su" is run, it starts with root privileges regardless of who ran it. On developer builds you can do all of this through adb.

adb root

restarts the adbd daemon on the device as root. This only works on builds with ro.debuggable=1 (userdebug or eng); on a production build adb answers "adbd cannot run as root in production builds" and this route is closed. Then you need to remount the /system partition read-write, as it is normally mounted read-only:

adb remount

now you can fix the ownership and permissions of the "su" binary

adb shell chown root /system/xbin/su
adb shell chmod 06755 /system/xbin/su

You may find variations of the number for the chmod command, but the significant part is the leading 6: 4 sets the set-user-ID bit, 2 the set-group-ID bit, and the 0 in front only marks the number as octal. Afterwards "ls -l" should show the mode as -rwsr-sr-x. As the su binary is usually owned by root already, from a Linux perspective you may be done.

Level 3 - Android layer

Android uses Linux mostly as a base layer under a Java-like runtime that runs all of the applications. Generally you do not need to install an Android Terminal Emulator, but if you want to understand better what is going on, it is a good option. On a normal Unix you would get root privileges by running "su" after changing the permissions; here, however, you most probably end up with something like

su
uid 1029 is not allowed to su

This is because the su shipped by Android (on builds that have one) only lets the root and shell users switch and refuses any ordinary application uid. You have to replace it with a full-featured version. The best source is the home page of the Superuser application, where you can download a matching "su" binary.

Now you have to push that binary to the device; adb will help again. Keep the original aside first:

adb shell mv /system/xbin/su /system/xbin/su.orig
adb push su /system/xbin/su
adb shell chmod 06755 /system/xbin/su

OK, now you have a su with all the capabilities, but typing "su" in the Terminal you get Permission denied.

su
Permission denied

While if you run

adb shell su
#

you get a root prompt.

How is that possible? The Terminal Emulator is after all just an Android application running under its own uid, and the replacement su does not grant root to arbitrary uids on its own: it hands the request to the Superuser application, which keeps a per-application allow list and prompts you the first time an application asks. Without that application installed, the request is simply denied. The adb shell, on the other hand, runs as root after "adb root", or as the "shell" user otherwise, and these su builds allow both without asking. So install the Superuser application. You may get it from Google Play, as long as Google leaves it there, or download the .apk from the same home page and install it using adb.

adb install Superuser.apk

Exit the terminal, start the Superuser application, verify the "su" binary under "i", and start the Terminal again. Now type "su". You will be asked whether to grant the Terminal superuser rights.
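The Level 2 and Level 3 steps above (fixing the permissions, swapping the su binary, installing Superuser.apk) collected into one script, as an added example that is not part of the original post. It assumes the replacement "su" and Superuser.apk sit in the current directory, stops on a production build where "adb root" is rejected, keeps the first su.orig backup across reruns instead of overwriting it with the new binary, and re-reads the permissions with "ls -l" rather than trusting exit codes. The ls -l lines in the check function are constructed samples in the format Android's toolbox prints.

```shell
#!/bin/sh
# Added example: Level 2 + Level 3 as one checked procedure.

# Constructed samples of "adb shell ls -l /system/xbin/su" output
# (toolbox format; sizes and dates are made up).
SAMPLE_GOOD='-rwsr-sr-x root     root        22364 2013-06-23 21:00 su'
SAMPLE_NO_SUID='-rwxr-xr-x root     root        22364 2013-06-23 21:00 su'
SAMPLE_WRONG_OWNER='-rwsr-sr-x shell    shell       22364 2013-06-23 21:00 su'

# Verify one "ls -l" line for su: set-user-ID and set-group-ID bits set
# (mode 06755 shows as -rwsr-sr-x) and the file owned by root. Anything
# else means su will not give root to the caller.
check_su_listing() {
    _mode=$(printf '%s\n' "$1" | awk '{print $1}')
    _owner=$(printf '%s\n' "$1" | awk '{print $2}')
    case "$_mode" in
        -rws??s*) ;;   # 4th char 's' = setuid, 7th char 's' = setgid
        *) echo "su mode is $_mode, expected -rwsr-sr-x" >&2; return 1 ;;
    esac
    if [ "$_owner" != root ]; then
        echo "su is owned by $_owner, not root" >&2
        return 1
    fi
    return 0
}

# Run the whole procedure against the attached device. Not invoked
# automatically; call install_su with USB debugging enabled.
install_su() {
    # "adb root" only works on userdebug/eng builds; a production adbd
    # refuses with "adbd cannot run as root in production builds".
    _out=$(adb root 2>&1) || true
    case "$_out" in
        *"cannot run as root"*)
            echo "production build: adbd refuses to run as root, stopping" >&2
            return 1 ;;
    esac
    adb wait-for-device          # adbd restarts after "adb root"
    adb remount                  # /system read-write

    # Keep the very first backup: on a rerun su is already our binary
    # and moving it over su.orig would destroy the original.
    if ! adb shell 'ls /system/xbin/su.orig >/dev/null 2>&1 && echo present' \
            | grep -q present; then
        adb shell mv /system/xbin/su /system/xbin/su.orig
    fi

    adb push su /system/xbin/su
    adb shell chown root /system/xbin/su
    adb shell chmod 06755 /system/xbin/su

    # Re-read the result; adb shell output carries CRLF line endings,
    # so strip the CR before parsing.
    check_su_listing "$(adb shell ls -l /system/xbin/su | tr -d '\r')" || return 1

    # The su binary asks this application before granting root.
    adb install Superuser.apk
}
```

After install_su succeeds, open the Superuser application once and then run "su" in the Terminal; the prompt asking whether to grant the Terminal root is the sign that the binary and the application talk to each other.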

Done.

For various reasons it may also be useful to install a BusyBox binary. It is a multi-purpose binary that contains many of the standard Unix tools Android does not ship by default (Android's own "toolbox" implements only a small subset of them). This is mostly for comfortable use of the Terminal.

